npm - solidity-argus - Versions diffs - 0.3.6 → 0.3.7 - Mend

solidity-argus 0.3.6 → 0.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/package.json +1 -1
package/src/create-hooks.ts +72 -12
package/src/features/persistent-state/findings-materializer.ts +23 -1
package/src/hooks/event-hook.ts +1 -1
package/src/hooks/tool-tracking-hook.ts +9 -3
package/src/tools/report-generator-tool.ts +2 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "solidity-argus",
-  "version": "0.3.6",
+  "version": "0.3.7",
   "description": "Solidity smart contract security auditing plugin for OpenCode — 4 specialized agents, 12 tools (11 core + optional Solodit), and a curated vulnerability knowledge base",
   "keywords": [
     "solidity",

package/src/create-hooks.ts CHANGED Viewed

@@ -41,6 +41,31 @@ export type AgentTrackerRef = {
 let _agentTrackerRef: AgentTrackerRef | undefined
+const REPORT_METADATA_REGEX = /<!-- argus:report_metadata (.+?) -->/
+function extractRunIdFromReportToolOutput(result: string): string | undefined {
+  try {
+    const parsed = JSON.parse(result) as Record<string, unknown>
+    if (typeof parsed.run_id === "string" && parsed.run_id.length > 0) {
+      return parsed.run_id
+    }
+    if (typeof parsed.report === "string") {
+      const match = parsed.report.match(REPORT_METADATA_REGEX)
+      if (match?.[1]) {
+        const metadata = JSON.parse(match[1]) as Record<string, unknown>
+        if (typeof metadata.run_id === "string" && metadata.run_id.length > 0) {
+          return metadata.run_id
+        }
+      }
+    }
+  } catch {
+    return undefined
+  }
+  return undefined
+}
 export function getAgentForSession(sessionID: string): string | undefined {
   return _agentTrackerRef?.getAgentForSession(sessionID)
 }
@@ -326,6 +351,20 @@ export function createHooks(args: {
                   return agent
                 }
+                return "unknown"
+              },
+              getAgentNameForSession: (sessionId: string) => {
+                const agent = agentTracker.getAgentForSession(sessionId)
+                if (
+                  agent === "argus" ||
+                  agent === "sentinel" ||
+                  agent === "pythia" ||
+                  agent === "scribe" ||
+                  agent === "unknown"
+                ) {
+                  return agent
+                }
                 return "unknown"
               },
             },
@@ -334,30 +373,31 @@ export function createHooks(args: {
       )
     : undefined
-  const materializeCurrentFindings = async (
+  const materializeFindingsForRun = async (
+    runId: string,
+    projectDirForRun: string,
+    sessionIdForRun: string | undefined,
     trigger: "session.idle" | "tool.execute.after",
     failFast = false,
   ): Promise<void> => {
-    const state = getAuditState()
-    if (!state || state.sessionId.length === 0) {
+    if (!runId || runId.length === 0) {
       return
     }
     try {
-      await materializeFindings(
-        state.sessionId,
-        state.projectDir,
-        currentOpencodeSessionId.length > 0 ? currentOpencodeSessionId : undefined,
-      )
+      await materializeFindings(runId, projectDirForRun, sessionIdForRun, {
+        validateSessionId: sessionIdForRun != null && sessionIdForRun.length > 0,
+        requireEvents: true,
+      })
     } catch (error) {
       if (failFast) {
         throw new Error(
-          `Failed to materialize findings artifact on ${trigger} for run ${state.sessionId}: ${error instanceof Error ? error.message : String(error)}`,
+          `Failed to materialize findings artifact on ${trigger} for run ${runId}: ${error instanceof Error ? error.message : String(error)}`,
         )
       }
       logger.warn(
-        `Failed to materialize findings artifact on ${trigger} for run ${state.sessionId}: ${error instanceof Error ? error.message : String(error)}`,
+        `Failed to materialize findings artifact on ${trigger} for run ${runId}: ${error instanceof Error ? error.message : String(error)}`,
       )
     }
   }
@@ -378,7 +418,13 @@ export function createHooks(args: {
               if (hasNewFinalization && finalizationResult.runId.length > 0) {
                 try {
-                  await materializeFindings(finalizationResult.runId, projectDir)
+                  await materializeFindingsForRun(
+                    finalizationResult.runId,
+                    projectDir,
+                    input.event.sessionId,
+                    "session.idle",
+                    true,
+                  )
                 } catch (error) {
                   logger.warn(
                     `Failed to materialize findings artifact for run ${finalizationResult.runId}: ${error instanceof Error ? error.message : String(error)}`,
@@ -437,10 +483,24 @@ export function createHooks(args: {
             tool: input.tool,
             args: input.args,
             result: output.output,
+            sessionID: input.sessionID,
+            callID: input.callID,
           })
           if (input.tool === "argus_generate_report") {
-            await materializeCurrentFindings("tool.execute.after", true)
+            const state = getAuditState()
+            if (!state || state.sessionId.length === 0) {
+              throw new Error("argus_generate_report completed without active audit state")
+            }
+            const runId = extractRunIdFromReportToolOutput(output.output) ?? state.sessionId
+            await materializeFindingsForRun(
+              runId,
+              state.projectDir,
+              input.sessionID,
+              "tool.execute.after",
+              true,
+            )
           }
           const outputWithHint = recoveryHint ? `${output.output}${recoveryHint}` : output.output

package/src/features/persistent-state/findings-materializer.ts CHANGED Viewed

@@ -20,12 +20,34 @@ export interface FindingsArtifact {
   toolsExecuted: CanonicalToolExecution[]
 }
+export interface FindingsMaterializeOptions {
+  validateSessionId?: boolean
+  requireEvents?: boolean
+}
 export async function materializeFindings(
   runId: string,
   projectDir: string,
   sessionId?: string,
+  options: FindingsMaterializeOptions = {},
 ): Promise<FindingsArtifact> {
   const events = await readEvents(runId, projectDir)
+  if (options.requireEvents && events.length === 0) {
+    throw new Error(`No events found for run ${runId}`)
+  }
+  const sessionIdFromEvents = events[0]?.session_id ?? ""
+  if (
+    options.validateSessionId &&
+    sessionId &&
+    sessionIdFromEvents.length > 0 &&
+    sessionId !== sessionIdFromEvents
+  ) {
+    throw new Error(
+      `Session mismatch for run ${runId}: provided ${sessionId}, event stream has ${sessionIdFromEvents}`,
+    )
+  }
   const findings = dedupeFindingsForFinalOutput(projectFindings(events))
   const toolsExecuted = projectToolExecutions(events)
   const contentHash = stableHash(JSON.stringify(findings))
@@ -33,7 +55,7 @@ export async function materializeFindings(
   const artifact: FindingsArtifact = {
     run_id: runId,
-    session_id: sessionId ?? events[0]?.session_id ?? "",
+    session_id: sessionId ?? sessionIdFromEvents,
     schema_version: SCHEMA_VERSION,
     seq_first: events[0]?.seq ?? 0,
     seq_last: events.at(-1)?.seq ?? 0,

package/src/hooks/event-hook.ts CHANGED Viewed

@@ -113,7 +113,6 @@ export function createEventHook(
       case "session.deleted": {
         preDeleteState = currentAuditState
-        currentAuditState = null
         break
       }
@@ -179,6 +178,7 @@ export function createEventHook(
             }
           }
         }
+        currentAuditState = null
         eventSink = null
         break
       }

package/src/hooks/tool-tracking-hook.ts CHANGED Viewed

@@ -27,6 +27,8 @@ type ToolHookInput = {
   tool: string
   args: unknown
   result: string
+  sessionID?: string
+  callID?: string
 }
 type ToolExecutionMetadata = {
@@ -38,6 +40,7 @@ export type ToolTrackingOptions = {
   getEventSink?: () => EventSink | null
   getSessionId?: () => string
   getAgentName?: () => ArgusAgentName | undefined
+  getAgentNameForSession?: (sessionId: string) => ArgusAgentName | undefined
   dropPolicy?: DropPolicy
   onChildSessionDetected?: (parentSessionId: string, childSessionId: string) => void
 }
@@ -502,7 +505,7 @@ export function createToolTrackingHook(
       const correlationId = randomUUID()
       const resolved = resolveStateAndStore()
       const sink = options?.getEventSink?.()
-      const sessionId = options?.getSessionId?.() ?? ""
+      const sessionId = input.sessionID ?? options?.getSessionId?.() ?? ""
       const toolCallId = randomUUID()
       if (childSessionId) {
@@ -576,8 +579,11 @@ export function createToolTrackingHook(
     const { state: auditState, store } = resolved
     const sink = options?.getEventSink?.()
     const runId = auditState.sessionId
-    const sessionId = options?.getSessionId?.() ?? ""
-    const reportedByAgent = options?.getAgentName?.() ?? "unknown"
+    const sessionId = input.sessionID ?? options?.getSessionId?.() ?? ""
+    const reportedByAgent =
+      (input.sessionID ? options?.getAgentNameForSession?.(input.sessionID) : undefined) ??
+      options?.getAgentName?.() ??
+      "unknown"
     const findingMetadata = {
       reportedByAgent,
       reportedBySessionId: sessionId,

package/src/tools/report-generator-tool.ts CHANGED Viewed

@@ -44,6 +44,7 @@ export type ReportGenerationResult = {
   report: string
   findingsCount: FindingsCount
   filename: string
+  run_id: string
   contentHash: string
   qualityGates: ReportQualityValidation
   contractDiagnostics: DropDiagnostic[]
@@ -1258,6 +1259,7 @@ export async function executeReportGeneration(
     report: reportMarkdown,
     findingsCount: counts,
     filename: canonicalFilename,
+    run_id: runId,
     contentHash,
     qualityGates,
     contractDiagnostics: diagnostics,