solidity-argus 0.3.4 → 0.3.6

package/src/tools/report-generator-tool.ts

@@ -3,15 +3,21 @@ import path from "node:path"
 import { type ToolContext, tool } from "@opencode-ai/plugin"
 import { loadArgusConfig } from "../config/loader"
 import type { ArgusConfig } from "../config/types"
+import { readEvents } from "../features/persistent-state/event-sink"
 import type { DropDiagnostic, DropPolicy } from "../shared/drop-diagnostics"
 import { createDropDiagnosticsCollector } from "../shared/drop-diagnostics"
 import { createLogger } from "../shared/logger"
 import { resolveProjectDir } from "../shared/project-utils"
 import { resolveReportPath } from "../shared/report-path-resolver"
 import { normalizeToCanonicalFinding } from "../state/adapters"
-import { stableHash } from "../state/projectors"
+import {
+  compareIssueFingerprintSets,
+  dedupeFindingsForFinalOutput,
+} from "../state/finding-aggregation"
+import { projectFindings, stableHash } from "../state/projectors"
 import { type ReportInput, SCHEMA_VERSION, validateReportInput } from "../state/schemas"
 import type { AuditState, Finding, FindingSeverity } from "../state/types"
+import { checkReportPreflight } from "./report-preflight"
 
 type SeverityThreshold = "critical" | "high" | "medium" | "low" | "informational"
 
@@ -23,6 +29,7 @@ type ReportGeneratorArgs = {
   quality_gate_policy?: QualityGatePolicy
   report_input?: string
   audit_state?: string
+  preflight_policy?: PreflightPolicy
 }
 
 type FindingsCount = {
@@ -46,6 +53,8 @@ export type ReportGenerationResult = {
 
 type QualityGatePolicy = "warn" | "strict-fail"
 
+type PreflightPolicy = "warn" | "strict-fail"
+
 type ReportQualityViolation = {
   findingId: string
   code: string
@@ -59,6 +68,10 @@ type ReportQualityValidation = {
 
 export type ReportGenerationDependencies = {
   loadConfig?: (projectDir: string) => ArgusConfig
+  readEvents?: (
+    runId: string,
+    projectDir: string,
+  ) => Promise<import("../state/schemas").AuditEvent[]>
 }
 
 export const SINGLE_WRITER_POLICY_VERSION = "1.0.0"
@@ -993,9 +1006,25 @@ export function buildProvenanceAppendix(
     lines.push("| Tool | Duration | Status | Findings |")
     lines.push("| --- | --- | --- | ---: |")
     for (const exec of state.toolsExecuted) {
-      const duration = exec.endTime != null ? formatDuration(exec.endTime - exec.startTime) : "—"
-      const status = exec.success ? "✅ success" : "❌ failure"
-      lines.push(`| ${exec.tool} | ${duration} | ${status} | ${exec.findingsCount} |`)
+      const toolName = typeof exec.tool === "string" && exec.tool ? exec.tool : "(unknown tool)"
+      const hasTimes =
+        typeof exec.startTime === "number" &&
+        !Number.isNaN(exec.startTime) &&
+        exec.endTime != null &&
+        typeof exec.endTime === "number" &&
+        !Number.isNaN(exec.endTime)
+      const duration = hasTimes ? formatDuration((exec.endTime as number) - exec.startTime) : "N/A"
+      const status =
+        typeof exec.success === "boolean"
+          ? exec.success
+            ? "\u2705 success"
+            : "\u274C failure"
+          : "\u26A0 malformed"
+      const findings =
+        typeof exec.findingsCount === "number" && !Number.isNaN(exec.findingsCount)
+          ? exec.findingsCount
+          : "N/A"
+      lines.push(`| ${toolName} | ${duration} | ${status} | ${findings} |`)
     }
   }
 
@@ -1008,7 +1037,11 @@ export function buildProvenanceAppendix(
       lines.push(`- Pattern pack version: \`${state.patternVersion}\``)
     }
     if (syncExec) {
-      lines.push(`- SCVD last synced: ${new Date(syncExec.startTime).toISOString()}`)
+      const syncTime =
+        typeof syncExec.startTime === "number" && !Number.isNaN(syncExec.startTime)
+          ? new Date(syncExec.startTime).toISOString()
+          : "N/A"
+      lines.push(`- SCVD last synced: ${syncTime}`)
     }
   }
 
@@ -1066,10 +1099,81 @@ export async function executeReportGeneration(
   const threshold = args.severity_threshold ?? "low"
   const qualityGatePolicy = args.quality_gate_policy ?? "warn"
   const { reportInput, diagnostics } = parseReportInputPayload(args, context)
+  const preflightPolicy = args.preflight_policy ?? "warn"
+  let preflightWarningSection: string | null = null
+  const warningBullets: string[] = []
+  try {
+    const readEventsFn = deps.readEvents ?? readEvents
+    const events = await readEventsFn(reportInput.run_id, reportInput.projectDir)
+    const preflightResult = checkReportPreflight(events)
+    if (!preflightResult.passed) {
+      if (preflightPolicy === "strict-fail") {
+        const parts: string[] = []
+        if (preflightResult.orphanedTools.length > 0)
+          parts.push(`orphaned tools: ${preflightResult.orphanedTools.join(", ")}`)
+        if (preflightResult.missingLifecycle.length > 0)
+          parts.push(`missing lifecycle: ${preflightResult.missingLifecycle.join(", ")}`)
+        if (preflightResult.missingRequiredTools.length > 0)
+          parts.push(`missing required tools: ${preflightResult.missingRequiredTools.join(", ")}`)
+        throw new Error(`Preflight failed (strict-fail): ${parts.join("; ")}`)
+      }
+      if (preflightResult.orphanedTools.length > 0)
+        warningBullets.push(`- Orphaned tools: ${preflightResult.orphanedTools.join(", ")}`)
+      if (preflightResult.missingLifecycle.length > 0)
+        warningBullets.push(`- Missing lifecycle: ${preflightResult.missingLifecycle.join(", ")}`)
+      if (preflightResult.missingRequiredTools.length > 0)
+        warningBullets.push(
+          `- Missing required tools: ${preflightResult.missingRequiredTools.join(", ")}`,
+        )
+      if (preflightResult.warnings.length > 0)
+        warningBullets.push(`- Warnings: ${preflightResult.warnings.join(", ")}`)
+    }
+
+    const eventFindings = dedupeFindingsForFinalOutput(projectFindings(events))
+    const inputFindings = dedupeFindingsForFinalOutput(reportInput.findings)
+    const parity = compareIssueFingerprintSets(eventFindings, inputFindings)
+
+    if (!parity.matches) {
+      const mismatchSummary = `missing=${parity.missing.length}, extra=${parity.extra.length}`
+      if (preflightPolicy === "strict-fail") {
+        throw new Error(
+          `Preflight failed (strict-fail): finding parity mismatch (${mismatchSummary})`,
+        )
+      }
+
+      warningBullets.push(`- Finding parity mismatch: ${mismatchSummary}`)
+      if (parity.missing.length > 0) {
+        warningBullets.push(`- Missing issue fingerprints: ${parity.missing.join(", ")}`)
+      }
+      if (parity.extra.length > 0) {
+        warningBullets.push(`- Extra issue fingerprints: ${parity.extra.join(", ")}`)
+      }
+    }
+  } catch (err) {
+    if (err instanceof Error && err.message.startsWith("Preflight failed (strict-fail)")) {
+      throw err
+    }
+    if (preflightPolicy === "strict-fail") {
+      throw new Error("Preflight failed: unable to read event stream for completeness check")
+    }
+    // warn mode: skip preflight when events cannot be read
+  }
+
+  if (warningBullets.length > 0) {
+    preflightWarningSection = [
+      "## \u26A0 Completeness Warning",
+      "",
+      "This report was generated with incomplete orchestration state.",
+      "",
+      ...warningBullets,
+    ].join("\n")
+  }
+
   const state = reportInputToAuditState(reportInput)
   const scope = args.scope.length > 0 ? args.scope : reportInput.scope
+  const finalFindings = dedupeFindingsForFinalOutput(reportInput.findings)
   const findings = sortFindingsDeterministically(
-    state.findings.filter((finding) => shouldIncludeFinding(finding, threshold)),
+    finalFindings.filter((finding) => shouldIncludeFinding(finding, threshold)),
   )
   const qualityGates = validateReportQuality(findings, qualityGatePolicy)
   if (!qualityGates.passed && qualityGatePolicy === "strict-fail") {
@@ -1129,6 +1233,10 @@ export async function executeReportGeneration(
     sections.push(`- ${item}`)
   }
 
+  if (preflightWarningSection) {
+    sections.push(preflightWarningSection)
+  }
+
   sections.push(buildProvenanceAppendix(state, threshold, findings.length))
 
   // Embed report metadata for single-writer policy enforcement
@@ -1159,7 +1267,7 @@ export async function executeReportGeneration(
     const loadConfig = deps.loadConfig ?? loadArgusConfig
     const projectDir = resolveProjectDir(context)
     const config = loadConfig(projectDir)
-    const outputDir = config.reporting?.output_dir ?? ".opencode/reports/"
+    const outputDir = config.reporting?.output_dir ?? ".argus/reports/"
     const fullPath = path.join(projectDir, outputDir, canonicalFilename)
 
     // Single-writer policy: check for duplicate writes with same run_id
@@ -1194,6 +1302,7 @@ export const reportGeneratorTool = tool({
       .default("low"),
     report_input: tool.schema.string().optional(),
     audit_state: tool.schema.string().optional(),
+    preflight_policy: tool.schema.enum(["warn", "strict-fail"]).optional(),
   },
   async execute(args, context) {
     const result = await executeReportGeneration(args, context)

package/src/tools/report-preflight.ts

@@ -0,0 +1,79 @@
+import {
+  collectToolLifecycleIssues,
+  hasSessionCreated,
+  hasSessionDeleted,
+} from "../features/persistent-state/run-finalizer"
+import type { AuditEvent } from "../state/schemas"
+
+export interface PreflightResult {
+  passed: boolean
+  orphanedTools: string[]
+  missingLifecycle: string[]
+  missingRequiredTools: string[]
+  warnings: string[]
+}
+
+export interface PreflightOptions {
+  requiredTools?: string[]
+}
+
+function asRecord(value: unknown): Record<string, unknown> | null {
+  if (typeof value === "object" && value !== null && !Array.isArray(value)) {
+    return value as Record<string, unknown>
+  }
+  return null
+}
+
+function hasCompletedTool(events: AuditEvent[], toolName: string): boolean {
+  for (const event of events) {
+    if (event.type !== "tool.completed") {
+      continue
+    }
+
+    const payload = asRecord(event.payload)
+    if (!payload) {
+      continue
+    }
+
+    const name = payload.name
+    const tool = payload.tool
+    if (name === toolName || tool === toolName) {
+      return true
+    }
+  }
+
+  return false
+}
+
+export function checkReportPreflight(
+  events: AuditEvent[],
+  options: PreflightOptions = {},
+): PreflightResult {
+  const missingLifecycle: string[] = []
+  if (!hasSessionCreated(events)) {
+    missingLifecycle.push("session.created")
+  }
+  if (!hasSessionDeleted(events)) {
+    missingLifecycle.push("session.deleted")
+  }
+
+  const { orphanedToolCallIds, malformedEvents } = collectToolLifecycleIssues(events)
+
+  const missingRequiredTools: string[] = []
+  for (const requiredTool of options.requiredTools ?? []) {
+    if (!hasCompletedTool(events, requiredTool)) {
+      missingRequiredTools.push(requiredTool)
+    }
+  }
+
+  return {
+    passed:
+      orphanedToolCallIds.length === 0 &&
+      missingLifecycle.length === 0 &&
+      missingRequiredTools.length === 0,
+    orphanedTools: orphanedToolCallIds,
+    missingLifecycle,
+    missingRequiredTools,
+    warnings: malformedEvents,
+  }
+}

package/src/tools/solodit-search-tool.ts

@@ -258,7 +258,9 @@ export async function executeSoloditSearch(
   let hadMcpError = false
   for (const toolName of SOLODIT_MCP_TOOLS) {
     try {
-      logger.debug(`[solodit] Trying MCP tool '${toolName}' on server '${SOLODIT_MCP_SERVER}' for query: ${query}`)
+      logger.debug(
+        `[solodit] Trying MCP tool '${toolName}' on server '${SOLODIT_MCP_SERVER}' for query: ${query}`,
+      )
       const response = await mcpCaller(
         SOLODIT_MCP_SERVER,
         toolName,
@@ -289,7 +291,9 @@ export async function executeSoloditSearch(
   }
 
   // All MCP tools failed — fall back to HTTP
-  logger.debug(`[solodit] All MCP tools failed (hadMcpError=${hadMcpError}) — falling back to HTTP for query: ${query}`)
+  logger.debug(
+    `[solodit] All MCP tools failed (hadMcpError=${hadMcpError}) — falling back to HTTP for query: ${query}`,
+  )
   return callSoloditHttp(query, limit, args.severity, port)
 }